Dell Aruba 650 Supplement handleiding - Pagina 21

Blader online of download pdf Supplement handleiding voor {categorie_naam} Dell Aruba 650. Dell Aruba 650 42 pagina's. Controllers with arubaos fips firmware non-proprietary security policy fips 140-2 level 2 release supplement

Pagina afdrukken

Table 3 Crypto-Officer Services

Service

Description

Updating Firmware Updating firmware on the module Commands and

Configuring OCSP

Configuring OCSP responder

Responder

functionality

Configuring

Configuring Control Plane

Control Plane

Security mode to protect

Security (CPSec)

communication with APs using

IPSec and issue self signed

certificates to APs

User Role

The User role can access the switch's IPSec and IKEv1/IKEv2 services. Service descriptions and inputs/

outputs are listed in the following table:

Table 4 User Service

Service

Description

IKEv1/IKEv2-IPSec Access the module's IPSec

services in order to secure

network traffic

HTTPS over TLS

Access the module's TLS

services in order to secure

network traffic

EAP-TLS

Provide EAP-TLS termination

termination

802.11i Shared

Access the module's 802.11i

Key Mode

services in order to secure

network traffic

802.11i with EAP-

Access the module's 802.11i

TLS

services in order to secure

network traffic

Aruba 620, 650 and Dell W-620, W-650 | FIPS 140-2 Level 2 Release Supplement

Input

Output

Status of

configuration data

commands and

configuration data

OCSP inputs,

OCSP outputs,

commands, and data

status, and data

Commands and

Status of

configuration data,

commands, IKEv1/

IKEv1/IKEv2 inputs and

IKEv2 outputs,

data; IPSec inputs,

status, and data;

commands, and data

IPSec outputs,

status, and data

and configuration

data, self signed

certificates

Input

Output

IPSec inputs,

IPSec outputs,

commands, and data

status, and data

TLS inputs, commands,

TLS outputs,

and data

status, and data

EAP-TLS inputs,

EAP-TLS outputs,

commands and data

status and data

802.11i inputs,

802.11i outputs,

commands and data

status and data

802.11i inputs,

802.11i outputs,

commands and data

status, and data

CSP Access

None

RSA/ECDSA key pair for

signing OCSP responses

RSA private key for IKEv1/

IKEv2 and certificate signing

(read access), Diffie-Hellman

key pair for IKEv1/IKEv2

(read/write access), Session

keys for IPSec (read/write

access)

CSP Access

RSA and ECDSA key pair for

IKEv1/IKEv2 (read access);

Diffie-Hellman and Elliptic

curve Diffie-Hellman key pair

for IKEv1/IKEv2 (read and

write access); pre-shared

keys for IKEv1/IKEv2 (read

access)

RSA key pair for TLS; TLS

Session Key

EAP-TLS RSA private key

(read)

EAP-TLS ECDSA private key

(read)

802.11i Pre-Shared Key

(read)

802.11i Session key (read/

write)

EAP-TLS RSA private key

(read)

EAP-TLS ECDSA private key

(read)

802.11i

Pair-Wise Master Key (read/

write)

802.11i

Session key (read/write)

FIPS 140-2 Level 2 Features |